Opensips + OpenVPN

Halys
2010-04-07
2013-05-09
  • Halys
    Halys
    2010-04-07

    Hi,

    I installed OpenVPN on my Opensips server in order to test a VPN solution for NAT and firewall traversal.
    The VPN tunnel between my server and the clients is established, but the problem is that Opensips seems to be unable to listen on the virtual interface created by OpenVPN (tun0).

    I tried several configurations (listen=udp:10.8.0.1:5060, listen=tun0:5060, no listen parameter in order to bind on all interfaces) but none of them worked, Wireshark shows me that the REGISTER messages are received on the Opensips server but they don't seem to be seen by Opensips.
    Any idea ?

    Thanks,

    Sebastien

     
  • kerosine
    kerosine
    2010-08-13

    I’ve had a bad experience with communication security. I don’t need too complicated system like Asterisk. I need safe communication only among several people. Some of them behind the NAT. For this purpose
    1. I’ve setup routed OpenVPN server with this options: protocol - udp, device - tun, network - 10.8.0.0 255.255.255.0, compression - comp-lzo, then finely reniced openvpn priority to higher
    2. run rtpproxy with -l 10.8.0.1 option
    3. run opensips which listens udp:10.8.0.1:5060
    It is working fine, but very sensitive to the connection quality.
    Of cause OpenVPN tunneling should avoid using rtpproxy but I’m afraid Windows and other software will fill VPN connection with collateral junk. I haven’t noticed any improvement when tried client-to-client VPN option.
    In case any OpenVPN and opensips guru drop into this topic please help with numerous OpenVPN and opensips options to improve secure communication.

     
  • Jiff
    Jiff
    2010-08-23

    Try disabling compression and use BC-CBC (Blowfish) encryption (faster).
    Although I don't know much Opensips yet, but if it uses broadcasting as some other VoIP
    engines (and you need it), you'll be obliged to switch to bridged mode.